The present invention relates to the field of computer operating system security policy implementation. Specifically, embodiments relate to providing a privilege framework in which traditional super-user based processes and traditional privilege based processes can coexist.
The traditional security policy model for Unix-based operating systems has only one mechanism for distinguishing between privileged processes and unprivileged processes: the association of all privileges with a user having a userid of zero, also known as the “super-user.” A basic flaw of this model is its all-or-nothing approach. Any application that needs only a single special privilege, such as a web server binding to a specific reserved port, a program running in the real-time scheduling class, or a server that keeps the clock synchronized, must nevertheless run or start with a userid of zero, i.e., as “root”.
In the traditional super-user model, a user with userid=0 can read and write all files. In a traditional privilege model, by contrast, one process may have the ability to read a file but not to write to it. Privileges can further be split into sub-privileges. In an operating system, one can typically have either the super-user model (userid=0), as in traditional Unix operating environments, or traditional privileges.
There have been attempts by Unix vendors to combine the models, but to date the typical approach is to let a system administrator decide whether the system uses the traditional super-user model (userid=0), the traditional privileges model, or some combination of both.
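As an added illustration that is not part of the patent text, the following model computes the privilege set a process effectively holds under each of the three policies just described (super-user only, privileges only, or a combination) and measures the excess privilege a task carries, which is the exposure the all-or-nothing model creates. The privilege names and the mode names are assumptions chosen for the example, not identifiers from the patent.

```python
from dataclasses import dataclass

# Fine-grained privilege names, assumed here purely for illustration.
ALL_PRIVS = frozenset({"net_privaddr", "proc_priocntl", "sys_time",
                       "file_dac_read", "file_dac_write"})


@dataclass(frozen=True)
class Process:
    name: str
    uid: int
    privs: frozenset = frozenset()  # consulted only by privilege-based policies


def effective_privs(proc: Process, model: str) -> frozenset:
    """Privileges a process actually holds under a given policy model.

    model is one of "superuser", "privileges" or "combined" (assumed names).
    """
    if model == "superuser":
        # All-or-nothing: uid 0 holds everything, every other uid holds nothing.
        return ALL_PRIVS if proc.uid == 0 else frozenset()
    if model == "privileges":
        # The uid is irrelevant; only the explicitly assigned set counts.
        return proc.privs & ALL_PRIVS
    if model == "combined":
        # Legacy uid-0 processes keep full privilege; others use their own set.
        return ALL_PRIVS if proc.uid == 0 else proc.privs & ALL_PRIVS
    raise ValueError(f"unknown model {model!r}")


def can(proc: Process, model: str, priv: str) -> bool:
    """Access decision for one requested privilege."""
    return priv in effective_privs(proc, model)


def excess_privs(proc: Process, model: str, needed) -> frozenset:
    """Privileges held beyond what the task needs (least-privilege gap)."""
    return effective_privs(proc, model) - frozenset(needed)


# Constructed sample processes: the web server from the text, run two ways.
HTTPD_AS_ROOT = Process("httpd", uid=0)
HTTPD_LEAST = Process("httpd", uid=60001, privs=frozenset({"net_privaddr"}))
# A log reader that may read files but must never write them.
LOG_READER = Process("logread", uid=60002, privs=frozenset({"file_dac_read"}))
```

Under the super-user model the port-binding server carries every other privilege on the system, while under the privilege or combined model it holds exactly the one it needs.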